Follow:

Microsoft Volume Licensing Blogtwitter

Network Inspection System signatures

The Network Inspection System (NIS) is a feature in Forefront Threat Management Gateway 2010. It is used to narrow the window of opportunity for exploitation between software vulnerability disclosure and patch deployment.

To do this we create and deploy NIS signatures that detect when an attempt to exploit a vulnerability is made. The NIS signatures are available through the Microsoft Update servers.

An index of all currently available NIS signatures is available in this page.

NIS Signatures

Expand all

Vulnerability:Win/CMS.URI.RCE!CVE-2007-0938

Vulnerability:Win/CommerceServer.OWC.RCE!CAN-2002-0621

Vulnerability:Win/CommerceServer.ProfileService.RCE!CAN-2002-0620

Vulnerability:Win/CommServer.AuthFilter.RCE!CAN-2002-0050

Vulnerability:Win/CommServer.ISAPI.RCE!CAN-2002-0623

Vulnerability:Win/DNS.Client.RCE!CVE-2006-3441

Vulnerability:Win/DNS.NAPTR.RCE!CVE-2011-1966

Vulnerability:Win/DotNet.ChartControl.InfoDisc!CVE-2011-1977

Vulnerability:Win/Exchange.Literal.DoS!CVE-2007-0221

Vulnerability:Win/Exchange.OWA.XSS!CVE-2008-2247

Vulnerability:Win/Explorer.FolderGUID.RCE!CVE-2006-3281

Vulnerability:Win/Explorer.WinShell.RCE!CAN-2004-0214

Vulnerability:Win/Forefront.UAG.XSS!CVE-2011-1897

Vulnerability:Win/HTTP.Biztalk.RCE!CAN-2003-0117

Vulnerability:Win/HTTP.NSIISLog.RCE!CAN-2003-0227

Vulnerability:Win/IE.DirectShow.RCE!CVE-2008-0015

Vulnerability:Win/IE.MaskedEdit.RCE!CVE-2008-3704

Vulnerability:Win/IE.WME.RCE!CVE-2008-3008

Vulnerability:Win/IIS.FPSE.DoS!CAN-2002-0072

Vulnerability:Win/IIS.ISAPI.RCE!CAN-2002-0150

Vulnerability:Win/IIS.Request.RCE!CVE-2005-4360

Vulnerability:Win/IIS.URL.PE!CVE-2010-2731

Vulnerability:Win/IIS.WebDav.PE!CVE-2009-1122

Vulnerability:Win/MediaPlayer.Skin.RCE!CAN-2003-0228

Vulnerability:Win/MSIE.OLEAuto32.RCE!CVE-2011-1995

Vulnerability:Win/MSIE.Redirect.RCE!CVE-2011-1262

Vulnerability:Win/MSRPC.CSNW.RCE!CVE-2006-4688

Vulnerability:Win/MSRPC.DNS.RCE!CVE-2007-1748

Vulnerability:Win/MSRPC.EndPointMapper.DoS!CAN-2002-1561

Vulnerability:Win/MSRPC.LLS.RCE!CAN-2005-0050

Vulnerability:Win/MSRPC.LLSLPC.RCE!CVE-2009-2523

Vulnerability:Win/MSRPC.Locator.RCE!CAN-2003-0003

Vulnerability:Win/MSRPC.LSASS.RCE!CAN-2003-0533

Vulnerability:Win/MSRPC.LSASS.RCE!CVE-2009-2524

Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2005-2119

Vulnerability:Win/MSRPC.MSDTC.RCE!CVE-2006-0034

Vulnerability:Win/MSRPC.MSMQ.RCE!CAN-2005-0059

Vulnerability:Win/MSRPC.NETDDE.RCE!CAN-2004-0206

Vulnerability:Win/MSRPC.NRPC.DoS!CVE-2010-2742

Vulnerability:Win/MSRPC.PNP.RCE!CVE-2005-1983

Vulnerability:Win/MSRPC.RASMAN.RCE!CVE-2006-2371

Vulnerability:Win/MSRPC.RPRN.RCE!CVE-2005-1984

Vulnerability:Win/MSRPC.RRAS.RCE!CVE-2006-2370

Vulnerability:Win/MSRPC.SPOOLSS.RCE!CVE-2008-1446

Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2006-3439

Vulnerability:Win/MSRPC.SRVSVC.RCE!CVE-2008-4250

Vulnerability:Win/MSRPC.WebClient.RCE!CVE-2006-0013

Vulnerability:Win/MSRPC.WKSSVC.RCE!CAN-2003-0812

Vulnerability:Win/MSXML.XMLHTTP.RCE!CVE-2006-5745

Vulnerability:Win/OutlookExpress.Headers.DoS!CAN-2004-0215

Vulnerability:Win/OutlookExpress.Mail.RCE!CVE-2010-0816

Vulnerability:Win/PNP.UMPNPMGR.RCE!CVE-2005-2120

Vulnerability:Win/PrintSpooler.NetShare.RCE!CVE-2009-0228

Vulnerability:Win/RDP.Web.PE!CVE-2011-1263

Vulnerability:Win/RemoteDesktop.RDP.RCE!CVE-2012-0002

Vulnerability:Win/RPC.NWWKS.RCE!CVE-2006-4689

Vulnerability:Win/RPCSS.DCOM.DoS!CAN-2003-0605

Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0528

Vulnerability:Win/RPCSS.MSGSVC.RCE!CVE-2003-0717

Vulnerability:Win/RPCSS.NTLMSSPAuth.DoS!CVE-2007-2228

Vulnerability:Win/RPCSS.WKSSVC.RCE!CVE-2006-4691

Vulnerability:Win/Sharepoint.Calendar.XSS!CVE-2011-0653

Vulnerability:Win/SharePoint.Inplview.XSS!CVE-2012-0017

Vulnerability:Win/SharePoint.Layouts.RCE!CVE-2010-1264

Vulnerability:Win/Sharepoint.URL.XSS!CVE-2011-1893

Vulnerability:Win/SharePoint.WizardList.XSS!CVE-2012-0145

Vulnerability:Win/SMB.ASN1.RCE!CVE-2003-0818

Vulnerability:Win/SMB.Browser.RCE!CVE-2011-0654

Vulnerability:Win/SMB.DFS.DoS!CVE-2011-1869

Vulnerability:Win/SMB.DFS.RCE!CVE-2011-1868

Vulnerability:Win/SMB.IndexSrv.RCE!CVE-2004-0897

Vulnerability:Win/SMB.LANMAN.DoS!CAN-2002-0724

Vulnerability:Win/SMB.MRXSMB.RCE!CVE-2010-0016

Vulnerability:Win/SMB.MRXSMB.RCE!CVE-2011-1268

Vulnerability:Win/SMB.Pool.RCE!CVE-2010-2550

Vulnerability:Win/SMB.Protocol.DoS!CVE-2008-4114

Vulnerability:Win/SMB.Rename.RCE!CVE-2006-4696

Vulnerability:Win/SMB.Rename.RCE!CVE-2008-4038

Vulnerability:Win/SMB.RequestParsing.DoS!CVE-2011-1267

Vulnerability:Win/SMB.Server.RCE!CVE-2006-1314

Vulnerability:Win/SMB.Server.RCE!CVE-2006-1315

Vulnerability:Win/SMB.Srv.RCE!CVE-2010-0020

Vulnerability:Win/SMB.TRANS.RCE!CVE-2006-3942

Vulnerability:Win/SMB.Trans.RCE!CVE-2008-4835

Vulnerability:Win/SMB.Transaction.RCE!CVE-2011-0661

Vulnerability:Win/SMB1.RtlCreateSecurityDescriptor.RCE!CVE-2010-0269

Vulnerability:Win/SMB2.SRV2.RCE!CVE-2009-3103

Vulnerability:Win/SMBv2.Command.RCE!CVE-2009-2532

Vulnerability:Win/SMBv2.DFS.DoS!CVE-2009-2526

Vulnerability:Win/SMTP.BDAT.DoS!CAN-2002-0055

Vulnerability:Win/SMTP.DNS.DoS!CVE-2010-0024

Vulnerability:Win/SMTP.Exchange.DoS!CAN-2002-0368

Vulnerability:Win/SMTP.Exchange.RCE!CAN-2003-0714

Vulnerability:Win/TAPSRV.Client.RCE!CAN-2005-0058

Vulnerability:Win/UAG.Cookie.DoS!CVE-2011-2012

Vulnerability:Win/WebServer.ADFS.RCE!CVE-2009-2509

Vulnerability:Win/WebServicesOnDevices.WSDAPI.RCE!CVE-2009-2512

Exploit:Win/Browser.Shellcode.RCE!NIS-2009-0004

Exploit:Win/IE.Comctl32.RCE!CVE-2010-2746

Exploit:Win/IE.MSDAO.RCE!CVE-2011-0027

Exploit:Win/IE.MSHTML.RCE!CVE-2010-3971

Exploit:Win/IE.MSHTML.RCE!CVE-2011-0094

Exploit:Win/IE.MSN.RCE!CAN-2002-0155

Exploit:Win/MSIE.TSAC.RCE!CAN-2002-0726

Exploit:Win/IE.LegacyTextFormatting.RCE!CAN-2002-0647

Exploit:Win/MSIE.HelpActiveX.RCE!CAN-2002-0693

Exploit:Win/MSIE.PluginRendering.RCE!CAN-2003-0115

Exploit:Win/MSIE.BR549.RCE!CAN-2003-0530

Exploit:Win/MSIE.TroubleShooter.RCE!CVE-2003-0662

Exploit:Win/MSIE.WindowsShell.RCE!CAN-2004-0420

Exploit:Win/MSIE.InstallEngine.RCE!CVE-2004-0216

Exploit:Win/MSIE.IOleClientSite.RCE!CVE-2004-1319

Exploit:Win/MSIE.LViewProfiler.RCE!CVE-2005-2087

Exploit:Win/MSIE.COM.RCE!CAN-2005-1990

Exploit:Win/MSIE.COM.RCE!CVE-2005-2831

Exploit:Win/MSIE.MDT2DD.RCE!CVE-2006-1186

Exploit:Win/MDAC.RDS.RCE!CVE-2006-0003

Exploit:Win/FlashPlayer.LoadMovie.RCE!CVE-2006-0024

Exploit:Win/COM.ActiveX.RCE!CVE-2006-1303

Exploit:Win/ActiveX.DXImgTransform.RCE!CVE-2006-2383

Exploit:Win/ActiveX.DXImgTransform.RCE!CVE-2006-2383

Exploit:Win/COM.ActiveX.RCE!CVE-2006-3638

Exploit:Win/ActiveX.Hhctlr.RCE!CVE-2006-3357

Exploit:Win/VML.Fill.RCE!CVE-2006-4868

Exploit:Win/ActiveX.WebViewFolderIcon.RCE!CVE-2006-3730

Exploit:Win/ActiveX.Fpole.RCE!CVE-2006-4704

Exploit:Win/MSIE.VML.RCE!CVE-2007-0024

Exploit:Win/ActiveXControl.HHCtrl.DoS!CVE-2007-0214

Exploit:Win/ADODB.Connection.DoS!CVE-2006-5559

Exploit:Win/COM.ActiveX.RCE!CVE-2006-4697

Exploit:Win/COM.ActiveX.RCE!CVE-2007-0219

Exploit:Win/Agent.AgentCharactersLoad.RCE!CVE-2007-1205

Exploit:Win/COM.IME.RCE!CVE-2007-0942

Exploit:Win/WMS.MDSAuth.RCE!CVE-2007-2221

Exploit:Win/COM.CAPICOM.RCE!CVE-2007-0940

Exploit:Win/COM.URLMON.RCE!CVE-2007-0218

Exploit:Win/COM.SCM.RCE!CVE-2007-2222

Exploit:Win/MSIE.MSXML.RCE!CVE-2007-2223

Exploit:Win/VB.TBLinf32.RCE!CVE-2007-2216

Exploit:Win/VB.Pdwizard.RCE!CVE-2007-3041

Exploit:Win/MSIE.Agent.RCE!CVE-2007-3040

Exploit:Win/MSIE.ActiveXObject.RCE!CVE-2008-1086

Exploit:Win/IE.SpeechAPI.RCE!CVE-2007-0675

Exploit:Win/MSIE.ActiveX.PE!CVE-2008-2462

Exploit:Win/MSIE.Messenger.RCE!CVE-2008-0082

Exploit:Win/MSIE.FlexGrid.RCE!CVE-2008-4253

Exploit:Win/MSIE.FlexGrid.RCE!CVE-2008-4254

Exploit:Win/MSIE.ChartControls.RCE!CVE-2008-4256

Exploit:Win/MSIE.ParameterValidation.RCE!CVE-2008-4258

Exploit:Win/MSIE.ActiveX.RCE!CVE-2010-0252

Exploit:Win/IE.ActiveX.RCE!CVE-2010-3973

Exploit:Win/IIS.HelpSearch.XSS!CAN-2002-0074

Exploit:Win/DotNET.ASPState.RCE!CAN-2002-0369

Exploit:Win/SQLServer.SQLXML.RCE!CAN-2002-0186

Exploit:Win/CMS.SQLServer.RCE!CAN-2002-0719

Exploit:Win/ISA.Forms.XSS!CVE-2009-0237

Exploit:Win/IISUnicode.WebDav.PE!CVE-2009-1535

Exploit:Win/HTTP.URL.SQLInj!NIS-2009-0003

Exploit:Win/IIS.RedirectMsg.XSS!CAN-2002-0075

Exploit:Win/IIS.ErrorPage.XSS!CAN-2002-0148

Exploit:Win/HTTP.Biztalk.RCE!CAN-2003-0118

Exploit:Win/IIS.IndexService.XSS!CVE-2006-0032

Exploit:Win/SharePoint.Layouts.XSS!CVE-2010-0817

Exploit:Win/MSRPC.RPRN.RCE!CVE-2010-2729

Exploit:Win/SMB.ASN1.RCE!CAN-2004-0123

Policy:Win/ActiveDirectory.NetLogon.DoS!CVE-2011-0040

Policy:Win/ASPNET.CBC.InfoDisc!CVE-2010-3332

Policy:Win/ASPNET.HashTable.DoS!CVE-2011-3414

Policy:Win/Exchange.CDO.RCE!CVE-2005-1987

Policy:Win/Forefront.UAG.Spoofing!CVE-2010-2732

Policy:Win/ForeFront.UAG.XSS!CVE-2010-2734

Policy:Win/HTTP.FileExtension.MisConfig!CVE-2009-4444

Policy:Win/HTTP.NSIISLOG.RCE!CAN-2003-0349

Policy:Win/HTTP.Parser.DoS!NIS-2009-0006

Policy:Win/HTTP.SafeHTML1.XSS!CVE-2010-3324

Policy:Win/HTTP.SafeHTML2.XSS!CVE-2010-3324

Policy:Win/HTTP.SharpointServices.XSS!CAN-2005-0049

Policy:Win/HTTP.URL.XSS!NIS-2009-0005

Policy:Win/HTTP.URLMON.RCE!CAN-2003-0113

Policy:Win/IE.ActiveX.DoS!CVE-2010-3340

Policy:Win/IIS.FastCGI.RCE!CVE-2010-2730

Policy:Win/MSIE.OBJ.RCE!CVE-2008-2256

Policy:Win/MSIE.SearchPath.PE!CVE-2008-2540

Policy:Win/MSIE.SearchPath.RCE!CVE-2008-2540

Policy:Win/MSRPC.HIS.RCE!CVE-2008-3466

Policy:Win/MSRPCH.CIS.DoS!CAN-2003-0807

Policy:Win/Outlook.Header.DoS!CVE-2006-1305

Policy:Win/POP3.Outlook.RCE!CAN-2002-1255

Policy:Win/RPCSS.DCOM.RCE!CAN-2003-0352

Policy:Win/Sharepoint.SafeHTML1.XSS!CVE-2010-3243

Policy:Win/Sharepoint.SafeHTML2.XSS!CVE-2010-3243

Policy:Win/SmartHTML.Shtml.RCE!CVE-2002-0692

Policy:Win/SMB.CIFS.RCE!CAN-2005-1206

Policy:Win/SMB.NegotiateResponse.RCE!CVE-2010-0017

Policy:Win/SMB.SRV.DoS!CVE-2010-0022

Policy:Win/SMB.SRV2.DoS!CVE-2010-2552

Policy:Win/SMB.TRANS.RCE!CVE-2008-4834

Policy:Win/SMB.WINREG.InfoDisc!CAN-2002-0049

Policy:Win/SMTP.AUTH.PE!CAN-2002-0054

Policy:Win/SMTP.Client.RCE!CAN-2002-0698

Policy:Win/SMTP.DNSLookups.RCE!CAN-2004-0840

Policy:Win/SMTP.STARTTLS.InfoDisc!CVE-2010-0025

Policy:Win/TLS.Header.MITM!CVE-2009-3555

Policy:Win/WinHTTP.ServicesAPI.RCE!CVE-2009-0086

Policy:Win/WINS.WPAD.MITM!CVE-2009-0094

Policy:Win/XMLCore.Location.RCE!CVE-2006-4685